On Aug. 22, the Department of Homeland Security, which first issued an advisory July 31 about the risks Backoff posed to U.S. businesses - particularly smaller merchants - warned U.S. businesses that they may already have been unknowingly compromised.

Now the DHS is encouraging all businesses, regardless of size, to scan their POS systems for a possible compromise.

"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the 'Backoff' malware," the DHS notes in its new advisory. "Seven POS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected."

"DHS strongly recommends actively contacting your IT team, anti-virus vendor, managed service provider, and/or point of sale system vendor to assess whether your assets may be vulnerable and/or compromised," according to the Aug. 22 advisory. "The Secret Service is active in contacting impacted businesses, as they are identified, and continues to work with and support those businesses that have been impacted by this POS malware. Companies that believe they have been the victim of this malware should contact their local Secret Service field office and may contact the NCCIC [National Cybersecurity and Communications Integration Center] for additional information."

Remote Access

Security and forensics firm Trustwave, which first identified and named Backoff, says remote-access compromises have been to blame for all of the Backoff infections it has investigated to date.

In June, Vancouver, Wash.-based Information Systems & Supplies Inc., a POS vendor that caters to the food-service industry, notified customers that a compromise of its LogMeIn account likely exposed card data associated with POS transactions conducted between Feb. 28 and April 18 of this year.

And then, in late July, the Delaware Restaurant Association notified its membership of a possible LogMeIn compromise that may have exposed card data at a yet-to-be-determined number of Delaware restaurants (see Restaurant Association Warns of Breach).

Most recently, New Orleans restaurant Mizado Cocina on Aug. 19 confirmed that its POS network had been compromised by Backoff. And on Aug. 21, UPS Stores announced that it, too, had suffered a POS compromise linked to retail malware the DHS warned about on July 31 (see New Breaches Tied to Evasive Malware).

UPS, however, has not yet confirmed that the malware used in the attack, which affected 51 of its stores, was, in fact, Backoff.

About the Author

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.
